Showing 1 - 1 of 1

CVE-2021-24910

Status Candidate

Overview

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue

Related Files

Transposh WordPress Translation 1.0.7 Cross Site Scripting: Posted Jul 29, 2022; Authored by Julien Ahrens | Site rcesecurity.com; Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tp_tp" that is vulnerable to an unauthenticated/authenticated reflected cross site scripting vulnerability when user-supplied input to the HTTP GET parameter "q" is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code onto the same page.; tags | exploit, web, arbitrary, xss; advisories | CVE-2021-24910; SHA-256 | 126f6f0908b2d0af3788074669b78c52b992a1d268ad9fca40e951bf16e63e90; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 326 files
Ubuntu 72 files
Debian 21 files
Apple 14 files
LiquidWorm 13 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2021-24910

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems